Advances in Cryptology - CRYPTO 2003

@inproceedings{Boneh2003AdvancesIC,
  title={Advances in Cryptology - CRYPTO 2003},
  author={Dan Boneh},
  booktitle={Lecture Notes in Computer Science},
  year={2003}
}
  • D. Boneh
  • Published in
    Lecture Notes in Computer…
    2003
  • Computer Science
The security of the RSA cryptosystem depends on the difficulty of factoring large integers. The best current factoring algorithm is the Number Field Sieve (NFS), and its most difficult part is the sieving step. In 1999 a large distributed computation involving hundreds of workstations working for many months managed to factor a 512-bit RSA key, but 1024-bit keys were believed to be safe for the next 15-20 years. In this paper we describe a new hardware implementation of the NFS sieving step… 
CAIRN 2: An FPGA Implementation of the Sieving Step in the Number Field Sieve Method
TLDR
This paper reports implementational and experimental results of a dedicated sieving device "CAIRN 2" with Xilinx's FPGA which is designed to handle up to 768-bit integers and adapted a new implementational method (the pipelined sieving) for NFS sieving.
Diophantine and Lattice Cryptanalysis of the RSA Cryptosystem
  • Abderrahmane Nitaj
  • Mathematics, Computer Science
    Artificial Intelligence, Evolutionary Computing and Metaheuristics
  • 2013
TLDR
A survey of the mathematics of the RSA cryptosystem focussing on the cryptanalysis of RSA using a variety of diophantine methods and lattice-reduction based techniques is given.
Cryptanalysis of the Hidden Matrix Cryptosystem
TLDR
An efficient cryptanalysis of the so-called HM cryptosystem, and one perturbed version of HM, is presented, and an upper bound on the maximum degree reached during the Gröbner basis computation of HM systems is provided.
Inverting HFE Is Quasipolynomial
TLDR
The complexity of the decryption attack which uses Gröbner bases to recover the plaintext and the complexity of a related distinguisher are considered, which shows that the decryption attack has a quasipolynomial complexity, much smaller than the classical subexponential expressions encountered in factoring or discrete logarithm computations.
Improved Partial Key Exposure Attacks on RSA by Guessing a Few Bits of One of the Prime Factors
TLDR
This paper achieves significantly improved results by modifying the techniques presented by Ernst et.
Partial Key Exposure on RSA with Private Exponents Larger Than N
TLDR
This paper studies this extended setting of RSA and quantifies the number of bits of d required to mount practical partial key exposure attacks, based on Coppersmith's heuristic methods and validated by practical experiments run through the SAGE computer-algebra system.
New Partial Key Exposure Attacks on CRT-RSA with Large Public Exponents
TLDR
This paper proposes some lattice-based attacks for this extended setting of the known LSBs case and introduces two approaches that work up to \(e < N^{3/8}\).
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TLDR
The public-key encryption scheme of Regev, and the identity-based encryption scheme of Gentry, Peikert and Vaikuntanathan are remarkably robust against memory attacks where the adversary can measure a large fraction of the bits of the secret key, or more generally, can compute an arbitrary function of the secret key of bounded output length.
Total Break of the l-IC Signature Scheme
TLDR
Efficient forgery and full-key recovery attacks on the l-IC signature scheme recently proposed at PKC 2007, a multivariate scheme based on a new internal quadratic primitive which is extremely fast since it requires one exponentiation in a finite field of medium size and the public key is shorter than in many multivariate signature schemes.
Partial Key Exposure: Generalized Framework to Attack RSA
TLDR
This work proposes lattice based approaches to factorize the RSA modulus N=pq (for large primes p, q) when the number of unexposed blocks is n≥1 and analyzes the ISO/IEC 9796-2 standard signature scheme (based on CRT-RSA) with partially known messages.

References

Improving Lattice Based Cryptosystems Using the Hermite Normal Form
TLDR
The increased efficiency of the new cryptosystems allows the use of bigger values for the security parameter, making the functions secure against the best cryptanalytic attacks, while keeping the size of the key even below the smallest key size for which lattice cryptosystems were ever conjectured to be hard to break.
Analysis and Improvements of NTRU Encryption Paddings
TLDR
It turns out that the first NTRU padding scheme is not even semantically secure (INDCPA), but the second and third can be proven IND-CCA2-secure in the random oracle model, under however rather unusual assumptions.
REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform
TLDR
REACT is presented, a new conversion which applies to any weakly secure cryptosystem, in the random oracle model, which could become a new alternative to OAEP, and even reach security relative to factorization, while allowing symmetric integration.
Imperfect Decryption and an Attack on the NTRU Encryption Scheme
  • J. Proos
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2003
TLDR
A new type of encryption scheme is defined which encompasses both NTRU and an attack model for the attacks presented against it, and uses an oracle for determining if valid ciphertexts can be correctly deciphered, and recover the user’s secret key.
Cryptanalysis of the Public-Key Encryption Based on Braid Groups
TLDR
This paper shows that the private-key can be recovered from the public-key for several parameters with significant probability in a reasonable time and gives a new requirement for secure parameters against the attack, which more or less conflicts with that against brute force attack.
Estimated Breaking times for Ntru Lattices
In this note we report on experiments with the lattices underlying the NTRU Public Key Cryptosystem. We present data for the time needed to find a small vector and use this data to extrapolate expected
Pseudorandomness from Braid Groups
TLDR
Some cryptographic primitives under two related assumptions in braid groups are presented: which particular bit of the argument x is pseudorandom given f(x).
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
TLDR
A formalization of chosen ciphertext attack is given in the model which is stronger than the "lunchtime attack" considered by Naor and Yung, and it is proved a non-interactive public-key cryptosystem based on non-Interactive zero-knowledge proof of knowledge to be secure against it.
Potential Weaknesses of the Commutator Key Agreement Protocol Based on Braid Groups
TLDR
This article shows how to reduce finding the shared key of this KAP to the list-MSCPs in a permutation group and in a matrix group over a finite field and develops a mathematical algorithm for the MSCP in braid groups.
Public-key cryptosystems provably secure against chosen ciphertext attacks
We show how to construct a public-key cryptosystem (as originally defined by Diffie and Hellman) secure against chosen ciphertext attacks, given a public-key cryptosystem secure against passive